ServiceNow Configuration Management Database (CMDB) Connector Guide

How to set up and use the ServiceNow Configuration Management Database (CMDB) connector in RiskSense.


Overview

The ServiceNow Configuration Management Database (CMDB) connector creates an integration with the ServiceNow CMDB module for syncing information with the RiskSense platform. Optionally, you can enable the RiskSense platform to create configuration items (CIs) within ServiceNow CMDB. When the connector is configured, RiskSense users can see and filter CMDB information within the platform. If the option for asset creation is turned on and configured, the user will be able to see new assets within the defined table in ServiceNow CMDB. The ServiceNow user used in the connector configuration process needs read access to the CMDB CI tables in which assets are stored and, if asset creation is configured, write access to the CI table created in ServiceNow for new assets.

This connector offers the flexibility to define up to 10 custom fields pulled from ServiceNow on top of the default fields (coming from the base CI table in ServiceNow). It allows for optional asset creation in ServiceNow. Additionally, it supports business criticality mapping in multiple ways to help get your asset’s business criticality synced into the platform.

ServiceNow Configuration

ServiceNow Table Creation (Required for CMDB Asset Creation)

To write to CMDB, create a table in ServiceNow using the CI class manager with the display name cmdb_ci_risksense.

cmdb_ci should be the parent table of the u_cmdb_ci_risksense table.

ServiceNow CMDB - Create Custom Table

The following link provides additional details on table creation:

ServiceNow User Permissions

RiskSense requires ServiceNow user credentials during the connector configuration process. This user must have create, read, and write permissions to the custom table created in the previous step. The itil role should give access to the cmdb_ci table and all related tables to read all required fields for this integration (except for the asset creation options, which are covered separately in this guide).

ServiceNow CMDB - User Permissions

You can either create a new user and assign them the itil role or add it to an existing user. These user credentials are used during the RiskSense connector setup and communicate via API calls with the ServiceNow instance.

The following link provides details on assigning a role to a user:

Connector Configuration

Navigate to the Automate > Integrations page.

Navigation - Automation - Integrations

Using the search bar in the upper-right corner of the Integrations page, type CMDB to find the connector.

ServiceNow CMDB - Search for Connector

Locate the ServiceNow CMDB card on the page and click Configuration.

ServiceNow CMDB - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

  • Connector Name: The connector’s name.
  • Username: ServiceNow username with the permissions designated earlier in this guide.
  • Password: Password for the associated ServiceNow account.
  • Location (URL): ServiceNow instance URL.
  • Show Optional SSL Certificate: Check this box to add an optional SSL certificate in base64 format.

ServiceNow CMDB - Connection Window

Click the Test Credentials button to ensure the credentials are correct and have the necessary access to make ServiceNow CMDB API calls.

ServiceNow CMDB - Test Credentials

Under the Connector Specific Option section, configure the following items for the connector.

Configured CMDB connectors connected to Networks: This section displays any currently configured CMDB connectors connected to networks in RiskSense.

Network: This section configures what RiskSense networks the connector will be limited to when syncing asset information from the ServiceNow CMDB module. Select the network from the dropdown.

ServiceNow CMDB - Select Network

Default Fields: All these fields are base CI fields in ServiceNow and will be pulled for all assets in the RiskSense platform that reside in configured networks if populated in ServiceNow.

ServiceNow CMDB - Default Fields

Business Criticality: Business Criticality can be used in three ways.

Off (No Criticality Sync)

ServiceNow CMDB - Business Criticality Off

On with Criticality Mapping

This can be mapped to source criticality, which comes from the business_criticality (Business Criticality) field in the cmdb_ci_service (Business Service) table. These cmdb_ci_service (Business Service) objects are associated with cmdb_ci (Configuration Items) and its child tables. If multiple cmdb_ci_service (Business Service) records are associated with a single CMDB CI, then RiskSense takes the highest value reported by ServiceNow.

ServiceNow CMDB - Assign Criticality

On with Field Mapping

This can be mapped to a specific field meeting the criteria defined in the screenshot below.

ServiceNow CMDB - Import Criticality

CMDB Tables to Query:

ServiceNow CMDB - CMDB Tables to Query

Asset Matching Query Order:

ServiceNow CMDB - Asset Matching Query Order

Asset Matching Field:

ServiceNow CMDB - Asset Matching Field

Allow Automatic Asset Creation: The connector can be configured to automatically create new configuration items in ServiceNow CMDB. This requires that the u_cmdb_ci_risksense table has been created and that permissions to it have been granted within the ServiceNow instance. During a sync with ServiceNow CMDB, a new configuration item (CI) is created in the CMDB for any asset in the RiskSense platform for which no matching ServiceNow record (CI) is found. A new CI is NOT created when multiple matching records are found.

ServiceNow CMDB - Allow Automatic Asset Creation

Asset Compliance: These fields can be mapped to any valid CI fields in ServiceNow. If these fields are not there for any given CI, they will simply not be populated in the platform.

ServiceNow CMDB - Asset Compliance

Custom Fields: These fields can be mapped to any valid fields on your CIs in ServiceNow. If these fields are not there for any given CI, then they will not be populated in the platform.

Click the Save button to save the connector’s configuration and create the connector. Once saved, the connector is visible on the Integrations page under Currently Configured Integrations.

Clicking the History button displays the connector details for each pull. The Sync button allows users to perform an on-demand sync. The Edit button allows the user to edit the connector configuration. The Delete button allows the user to delete the connector.

ServiceNow CMDB - Configured Connector

RiskSense CMDB Usage

There are many ways that the RiskSense platform allows you to view, edit, lock, filter, and use CMDB information synced with your RiskSense assets.

General Sync Information

Once an asset has been matched to a record in ServiceNow CMDB during a sync, it keeps syncing with that same record in all future sync operations, even if multiple matching records are later found in ServiceNow CMDB.
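The sync rules described under Allow Automatic Asset Creation and General Sync Information can be previewed before enabling asset creation. The sketch below is an added example, not RiskSense or ServiceNow code; the field names (hostname, pinned_sys_id, name), the case-insensitive comparison, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not the connector's schema.
ASSETS = [
    {"id": 1, "hostname": "web01", "pinned_sys_id": None},
    {"id": 2, "hostname": "db01", "pinned_sys_id": "a2"},  # matched in an earlier sync
    {"id": 3, "hostname": "app01", "pinned_sys_id": None},
    {"id": 4, "hostname": "new-host", "pinned_sys_id": None},
]
CMDB_RECORDS = [
    {"sys_id": "a1", "name": "web01"},
    {"sys_id": "a2", "name": "db01"},
    {"sys_id": "a3", "name": "DB01"},   # duplicate CI differing only in case
    {"sys_id": "a4", "name": "app01"},
    {"sys_id": "a5", "name": "app01"},  # duplicate CI
]


def _key(value):
    # Assumption: compare matching values trimmed and case-insensitively.
    return (value or "").strip().lower()


def plan_sync(assets, records, asset_field="hostname", match_field="name",
              auto_create=True):
    """Return {asset id: (outcome, [sys_ids])} for one sync pass."""
    index = defaultdict(list)
    for rec in records:
        if _key(rec.get(match_field)):
            index[_key(rec.get(match_field))].append(rec["sys_id"])

    plan = {}
    for asset in assets:
        # An asset that matched before keeps its record, even if duplicates exist now.
        if asset.get("pinned_sys_id"):
            plan[asset["id"]] = ("pinned", [asset["pinned_sys_id"]])
            continue
        hits = index.get(_key(asset.get(asset_field)), [])
        if len(hits) == 1:
            plan[asset["id"]] = ("matched", hits)
        elif len(hits) > 1:
            # Multiple records found: no CI is created; flag for CMDB cleanup.
            plan[asset["id"]] = ("ambiguous", hits)
        elif auto_create:
            # No record found: a new CI would be written to u_cmdb_ci_risksense.
            plan[asset["id"]] = ("create", [])
        else:
            plan[asset["id"]] = ("unmatched", [])
    return plan


if __name__ == "__main__":
    for asset_id, (outcome, sys_ids) in plan_sync(ASSETS, CMDB_RECORDS).items():
        print(asset_id, outcome, sys_ids)
```

Assets reported as ambiguous point at duplicate CIs worth resolving in ServiceNow, and the count of create outcomes shows how many records the integration user would write once asset creation is enabled.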

Custom Field Display Value Configuration

While logged into the RiskSense platform, navigate to the Settings (gear icon) > Client Settings page from the top-right corner of the screen.

ServiceNow CMDB - Client Settings Menu Location

Custom field labels can be configured in the Configuration Management Database section. This setting only affects the connector configuration screen and the host detail slide-out display value.

NOTE: When filtering for these fields, the filter category will always be “Custom Field X” and not the configured display value for the detail pane.

ServiceNow CMDB - Client Settings Custom and Asset Matching Fields